📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  Brainstorms - General  >>  Why Inline asm in C++/CLI creates horrible problem?

Topic created on: August 20, 2010 12:09 CDT by Usman.

Hello,

I am an extreme beginner, at most at novice level, at playing with assembly.

I am using inline asm in C++/CLI. I observed a horrible problem that in fact could be a bug. I passed a vector from one function call to another. If I comment out the whole code snippet of _asm{....some assembly code here} inside the called function, where the vector provided to it from the other function is used, then there is no problem: the whole vector is fine and is copied to the argument of the called function successfully and in the correct manner.

But if I uncomment _asm{}, I mean if I use the _asm{} patch in the called function, it corrupts the whole vector of objects, even a single string which is participating as an in parameter to the function. In fact most of the arguments of the called function where the _asm code is used get corrupted. It just shows values like npos=4294967295 for every argument. I was expecting that the string argument would contain valid "strings" and that all the rest of the parameters, which I just passed from other functions to that called function, would have their correct states.


I am amazed while debugging the exe that even before reaching the point of "_asm" in the code, all the data before the "_asm" place gets corrupted. It's just unbelievable.

EVEN IF I COMMENT OUT EVERYTHING INSIDE THE _asm PATCH, AND HAVE JUST EMPTY OPENING AND CLOSING BRACES AFTER THE _asm KEYWORD, THE PROBLEM STILL HAPPENS.

Here, even if I don't write anything at all inside _asm{}, the problem I described occurs.

What is it? Why is this so? Is CLI creating the problem, or am I using inline asm in the wrong way?
Do I need to save the states of the registers?

Kindly help me out, as I am stuck here.

Example code:

strParamType = strReturnType;
if (strParamType.find("IDispatch") != string::npos)
{
    IDispatch* pIDispatch;
    _asm
    {
        mov  esi,esp
        lea  eax,[pIDispatch]
        push eax
    }
}



Regards
Usman

  jduck     August 20, 2010 13:19.54 CDT
You should refrain from modifying the stack (push eax) when using inline assembly. Otherwise, everything will get horribly messed up.

  Usman     August 20, 2010 18:07.39 CDT
I said that even without pushing anything, just introducing an _asm{} block messes things up.

I have to use _asm in my code at any cost. Then what should be the solution to this problem? Do I need to do anything extra to use _asm in my code? How do people then use inline _asm in C++, as I am stuck here?

  RabidCicada     August 23, 2010 11:20.27 CDT
I'd say to look at the generated code and find the difference between the assembly generated by the two (with/without empty asm block).

If you are using MSVC then debug it and stop at the very beginning then right click->view assembly for the code.  It'll show you the assembly for all the C++ code you have and you'll see the assembly it's generating for your code.

  ronnie291983     August 25, 2010 03:54.28 CDT
I generally use pusha/pushf to keep the flags and registers intact, then do whatever you need with the assembly, and after that do a popf/a.
